Add CI workflow to publish containers to ECR

[masih]

Add a CI workflow that publishes container images to an already set up immutable private ECR repo with security scanning enabled.

The build is configured to:

• Tag images by commit sha, ref -- since tags are explicitly configured to be immutable in ECR
• Run on head of release/* and main branches
• Dispatchable manually for ease of debugging

Fixes PLT-59

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	Jan 12, 2026, 12:20 PM

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.82%. Comparing base (8864017) to head (ea47a9f).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2678      +/-   ##
==========================================
+ Coverage   43.81%   43.82%   +0.01%     
==========================================
  Files        1908     1908              
  Lines      159047   159047              
==========================================
+ Hits        69686    69702      +16     
+ Misses      82953    82942      -11     
+ Partials     6408     6403       -5     

Flag	Coverage Δ
sei-chain	45.89% <ø> (+<0.01%)	⬆️
sei-cosmos	38.20% <ø> (-0.01%)	⬇️
sei-db	69.13% <ø> (ø)
sei-tendermint	47.33% <ø> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 17 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[masih]

/backport

[github-actions]

Successfully created backport PR for release/v6.3:

• Backport release/v6.3: Add CI workflow to publish containers to ECR #2689